Fixes bug in SQL queries created by spring-security-acl when using pr… #5216
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…imary keys for ACL identity objects with types other than String
I´m using spring-security-acl in objects which have UUID as their primary key in a project that uses Microsoft SQL as database. I was getting the following stack trace:
After trying to find out the cause of the error, including being suspicious of the database driver I was using, I tracked the bug down to the fact that the identifier of the ObjectIdentity is not converted to String when such identifier gets passed to a SQL query inside the classes JdbcAclService and JdbcMutableAclService.
It´s easy to see the problem looking at the class BasicLookupStrategy, where the following code gets it right(line 394) by correctly calling toString() in the object identity identifier:
spring-security/acl/src/main/java/org/springframework/security/acls/jdbc/BasicLookupStrategy.java
Lines 384 to 402 in d8f91e4
In order to be able to use spring-security-acl with UUIDs I also had to change the source code and add public to the class AclClassIdUtils just like in the issue #4814, what makes me believe that, as of now, not many other people are using spring-security-acl with objects with UUID as primary key elsewhere.